freshclam AV stops updating on my ReadyNAS

---

@scrjs wrote: I have NOT enabled the Audit Service.  What can I check?

Maybe just scroll through a few screens worth of journalctl entries, and see if anything seems to be flooding the logs.

FWIW, I generally see about ~700 log entries per day.  But of course this will vary, depending on how your NAS is configured and how it is used.  So the low retention doesn't necessarily mean anything is wrong - it just seems to me that your system is doing a lot of logging.

You can count the number of entries for a specific day:

root@NAS:~# journalctl --no-pager | grep "Feb 19" | wc
    701    8685   61460

The first entry is the number of lines that go through the grep filter - so there were 701 entries in my main NAS dated Feb 19.

You can also count them for a specific hour by simply changing the filter a bit.

root@NAS:~# journalctl --no-pager | grep "Feb 19 23:" | wc
     34     419    3132

So my system logged 34 entries between Feb 19 23:00:00 and Feb 19 23:59:59

Hi @StephenB 

Thanks for the education!  I am not proficient with Unix OS

---

@StephenB wrote:

---

@scrjs wrote: I have NOT enabled the Audit Service.  What can I check?

Maybe just scroll through a few screens worth of journalctl entries, and see if anything seems to be flooding the logs.

 

FWIW, I generally see about ~700 log entries per day.  But of course this will vary, depending on how your NAS is configured and how it is used.  So the low retention doesn't necessarily mean anything is wrong - it just seems to me that your system is doing a lot of logging.

 

You can count the number of entries for a specific day:

root@NAS:~# journalctl --no-pager | grep "Feb 19" | wc
    701    8685   61460

The first entry is the number of lines that go through the grep filter - so there were 701 entries in my main NAS dated Feb 19.

 

You can also count them for a specific hour by simply changing the filter a bit.

root@NAS:~# journalctl --no-pager | grep "Feb 19 23:" | wc
     34     419    3132

So my system logged 34 entries between Feb 19 23:00:00 and Feb 19 23:59:59

 

---

In my case I am logging a bit more then you +300 per day and +20 per hour

root@xxxxxReadyNAS:~# journalctl --no-pager | grep "Feb 23" | wc
   1085   11442   94861

root@xxxxxReadyNAS:~# journalctl --no-pager | grep "Feb 23 10:" | wc
     51     530    4505

Looks like my Windows FileHistory is creating the extra entries for some Apple MobileSync.  Not critical but extra logging

Feb 22 21:30:50 xxxxxReadyNAS tracker-miner-fs[2731]: (tracker-miner-fs:2731): Tracker-CRITICAL **:   (Sparql buffer) Error in task 2 (file:///data/Backup/FileHist-T590/scrjs/xxxxxxxxxx-T590/Data/C/Users/scrjs/Apple/MobileSync/Backup/097
38580e54d9155c885c64d0eb6853c06fdaaf6/06/06b60848b6afef08d879bf24afe5855bb7fd0d44%20(2020_08_12%2001_26_35%20UTC)) of the array-update: UNIQUE constraint failed: nie:DataObject.nie:url (strerror of errno (not necessarily related): Reso
urce temporarily unavailable)

Feb 22 21:30:50 xxxxxReadyNAS tracker-miner-fs[2731]: (tracker-miner-fs:2731): Tracker-CRITICAL **: Could not execute sparql: UNIQUE constraint failed: nie:DataObject.nie:url (strerror of errno (not necessarily related): Resource tempo
rarily unavailable)

Thanks again for the tip!

Hi @StephenB 

FWIW AV My NAS has been updaing AV successfully for 7 days after the restart after failure command systemctl start clamav-freshclam.service

root@xxxxxReadyNAS:~# systemctl status clamav-freshclam.service
● clamav-freshclam.service - ClamAV virus database updater
   Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; static; vendor preset: disabled)
   Active: inactive (dead) since Tue 2021-03-02 08:31:18 AEDT; 6h ago
  Process: 12506 ExecStart=/usr/bin/freshclam --quiet (code=exited, status=0/SUCCESS)
 Main PID: 12506 (code=exited, status=0/SUCCESS)

Mar 02 08:27:34 xxxxxReadyNAS systemd[1]: Starting ClamAV virus database updater...
Mar 02 08:27:35 xxxxxReadyNAS freshclam[12506]: ClamAV update process started at Tue Mar  2 08:27:35 2021
Mar 02 08:27:36 xxxxxReadyNAS freshclam[12506]: main.cld is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr)
Mar 02 08:27:40 xxxxxReadyNAS freshclam[12506]: Downloading daily-26095.cdiff [100%]
Mar 02 08:30:36 xxxxxReadyNAS freshclam[12506]: daily.cld updated (version: 26095, sigs: 3956535, f-level: 63, builder: raynman)
Mar 02 08:30:43 xxxxxReadyNAS freshclam[12506]: Can't query daily.26095.93.1.0.6810DB54.ping.clamav.net
Mar 02 08:30:43 xxxxxReadyNAS freshclam[12506]: bytecode.cld is up to date (version: 332, sigs: 93, f-level: 63, builder: awillia2)
Mar 02 08:31:14 xxxxxReadyNAS freshclam[12506]: Database updated (8521530 signatures) from database.clamav.net (IP: 104.16.219.84)
Mar 02 08:31:15 xxxxxReadyNAS freshclam[12506]: Clamd successfully notified about the update.
Mar 02 08:31:18 xxxxxReadyNAS systemd[1]: Started ClamAV virus database updater.

---

@scrjs wrote:

FWIW AV My NAS has been updaing AV successfully for 7 days after the restart after failure command systemctl start clamav-freshclam.service

Thx for updating us.  Netgear says they are still working on the hotfix (no idea why it's taken that long).

Hi @StephenB 

The hotfix automatically applied to my ReadyNAS as noted in the Logs presented in the User Interface where I now see (in timezone AEDT)

Prior to the application of the Hotfix my AV was updating as indicated in my revious update

---

@StephenB wrote:

---

@scrjs wrote:

FWIW AV My NAS has been updaing AV successfully for 7 days after the restart after failure command systemctl start clamav-freshclam.service

Thx for updating us.  Netgear says they are still working on the hotfix (no idea why it's taken that long).

---